Windows Server 20xx 命令行配置系统策略

:WindowsServer命令行配置系统策略
:如果感觉使用图形界面进行系统策略配置比较繁琐,可以通过命令行方式批量配置系统策略。
:先编制如下内容的SetSysPolicies.cmd文件(其中“@echo”引导的为文字回显行),然后以管理员方式打开CMD,
:直接运行SetSysPolicies.cmd便可以快速完成系统策略配置,注意,下面有些修改需重启计算机才能生效。
:有关内容可参见https://github.com/m2nlight/WindowsServerToWindowsDesktop 。

@echo (1).关闭系统的用户账户控制 (Disable UAC),需重启计算机才能生效,已测试成功
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0x0 /f>nul

@echo (2).关闭IE的增强安全配置 (IE Security Policy),已测试成功
reg add "HKLM\Software\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
reg add "HKLM\Software\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d "about:blank" /f
Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin

@echo (3).取消开机按Ctrl+Alt+Del组合键登录 (Disable Ctrl+Alt+Del login),已测试成功
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableCAD" /t REG_DWORD /d 1 /f>nul

@echo (4).禁用“以管理员批准模式运行所有管理员” (Disable “Run all administrators in Admin Approval Mode”),已测试成功
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f>nul

@echo (5).禁用“关闭事件跟踪程序” (Disable Shutdown reason On),已测试成功
reg delete "HKLM\Software\Policies\Microsoft\Windows NT\Reliability" /v "ShutdownReasonOn" /f
reg add "HKLM\Software\Policies\Microsoft\Windows NT\Reliability" /v "ShutdownReasonOn" /t REG_DWORD /d 0 /f>nul

@echo (6).关闭所有驱动器的自动播放 (Enable Turn off Autoplay),已测试成功
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f

@echo (7).禁用Win11不显示更多选项,/ve 为注册表项添加空白值名 无名称
reg add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /ve /f

@echo (8).强制更新组策略
gpupdate /force

 

posted on 2024-02-03 22:51  patton88  阅读(15)  评论(0编辑  收藏  举报

导航